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A Powerful S/390 Enterprise Server Gateway 
Connecting Applications and Networks 
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Provides the essential networking infrastructure for S/390 e- 
business environment offering: 

a Enterprise-class dependability, security, performance & scalability 
AEnd-to-end universal access to enterprise applications & data 
a Effective utilization of network assets 

Included in the OS/390 base at no additional charge 

ASupports improved networking solutions 
AKey driver in release-to-release upgrades 

































Evolution - Integrated Services 
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Utilize common services 

AStorage Management 
a Network attachment 
a High Performance Data Transfer 

TCP/IP and SNA integration 

ATN3270 

AEnterprise Extender 
a Network access 

Sockets Applications 

a UN IX Services offers S/390 
Server Consolidation and early 
access to Internet applications 
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Release 5 Highlights 


e-business 



TCP/IP rewrite improved performance* & 
increased scalability 

ANearly 4 times interactive throughput improvement 
AAlmost 70% reduction in TCP/IP overhead 
aUNIX System Services full set of applications 

New High Performance Data Transfer (HPDT) 
improved application performance 

Multi-Node Persistent Sessions extension 
improved SNA application availability 
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Virtual IP Addressing (VIPA) eliminated 

f I wii 

single connection failures - dynamic reroute 

Virtual Private Network (VPN) security features 
added to support S/390 e-business 

Printer support & device name management - 
TN3270e 



Performance comparison base TCP/IP V3R2 



Domain Names Server combined 
with Work Load Manager for 
connection balancing 

Full dynamic IP client access 
reduces administration costs 

ANetwork Station & other clients 
aDHCP combined with DNS provides 
direct name & address registration 

■RIPv2 for TCP/IP 
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Release 6 Highlights 

Continued TCP/IP performance* gains 

A14X interactive performance 
A13X Web serving 
a 4X file transfer performance 

SNA applications traverse IP networks end-to-end 
with Enterprise Extender 



AEnable convergence onto a single (IP) transport network 
aSNA/HPR transport retains transmission priority 
aLow overhead / high availability router based solution 
More efficient than DLSw solutions 
10X capacity improvement 
Leverages IP packet reroute capabilities 

Secure communications for TN3270 users 

ASecure Socket Layer security for SSL enabled clients 
ACan establish SSL & non-SSL ports to accommodate 
corporate security policies 

Optimized performance for satellite & fiber optic links 
- "long fat pipes" 


* Performance comparison base TCP/IP V3R2 



UNIX Sendmail allows 
consolidated e-mail 
administration on S/390 

OSPF & Multicast offers 
more effective & efficient 
network routing 

TN3270 performance & 
visibility improvements 








Release 7 Highlights 

Web serving performance record set with 
Fast Response Cache Accelerator 

a 21 ,591 ops/sec or about 1.8 billion web hits per day 

♦SPECweb96 industry benchmark 

OSA Express support gives direct Gigabit Ethernet link to S/390 

aTCP/IP stack enhanced to support direct memory access - Queued Direct I/O 
* IP traffic priority managed based on Type-of-Service byte 

IP packet flow control established with new Service Policy Agent 

aAIIows service differentiation managed via corporate policy (table) 

aLDAP enabled to allow centralized policy management across multiple servers 

Leading edge network security - enhanced integrated VPN support 

aS/ 390 encryption H/W employed when present 
AStronger IPSec encryption with 3-DES support 
AStrengthened authentication algorithms, packet replay protection 

Improved network management security with SNMPv3 

AUser based, message-level security prevents unauthorized network changes 
a Multilevel authorization controls access and change span-of-control 

Reduced TCP/IP image definitions improve Parallel Sysplex growth 

Centralized management of Java Network Client from OS/390 server 
Enhanced TN3270 server addressing increases server capacity - 64,000 
and reduces network resources 





Release 8 
Highlights 



Internet Key Exchange support simplifies & strengthens security 

AAutomatically create, securely distribute and non-disruptively refresh encryption keys 
AAdds security support for clients with dynamically assigned IP addresses 

Service policy enhancements ease the management of network SLAs 

a Performance monitoring of throughput, delay .. 

ADynamic update of service policies without impact to network availability 

Tightened TN3270 access to S/390 server & SNA resources - SSL authentication 

Automatic move to backup image increases availability - VIPA Takeover and 
automated restart of TCP/IP or application server 

Session level triple DES encryption provides more secure access to mission- 
critical SNA applications. 

Client can request TN3270 reconnect - Fast Reconnect 

Improved management of TCP/IP & SNA - correlation of TN3270 Client's DNS 
name with SNA LU name 


Enhanced 'real-time' load balancing across multiple paths 























Release 10 Highlights 


'Enterprise class' TCP/IP support 

ASysplex-wide workload balancing - single URL image 
for ease-of-growth and 'five-9s' availability 
Alntegrated 'real-time' work distribution based on QoS, 
server status, and policy - management of SLAs 
ANon-disruptive movement of workloads for balancing 
active workloads without user impact 
Large scale e-business serving 



a Dynamic control of QoS and VPN for end-to-end policy enforcement 

ATraffic regulation and proactive priority management for e-business 
application support 


AApplication security implementations that ease end-user access 
Alntegrated web serving solutions that improve productivity 

ALarge scale efficiencies from increa^ecLcaQSa higher thruput 
solutions and lower CPU usage 


SNA to IP 


convergence 


aids 


AEnterprise Extender extensions that provide 'stepped' 

SNA migrations to IP transport 
APowerful, secure, and user friendly Telnet support 
ATN3270 client visibility that links authorization and accounting 
information to end user 











Release 10 Highlights (cont.) 

Security Enhancements 

AOn-demand establishment of VPN tunnels reduces admin costs. 
Almproved TN3270 access security using SSL authentication. 

ATraffic regulation controls abuse of system resources by port or client 
on inbound connections. 

Availability Improvements 



ystem resourc 


ASysplex Distributor improves application availability and performance. 

ABuilding upon XCF and VIPA functions of prior releases. 

a Recovered application servers can take back workloads without and 
disruption to the end user. 

> Telnet automatic logon to SNA application - client connectivity to server 
is maintained if SNA application is not available at request. 

Performance, Usability & Service Updates 

aOSA Express adapters enhanced with Queued Direct I/O support 
providing direct memory access bypassing three processing layers. 

> Higher throughput and lower CPU usage resulting from targeted path 
length reductions. 

aFTP and TN3270 user enhancements improve manageability. 

aSNMP v3 & OSA-E MIBs support, improved TCP/IP diagnostics. 









Introduction to zSeries eServer 


A New Server for the New Age of Computing - z900 

az900 eServer was introduced in 4Q2000 


a 64 bit architecture to support needs for greater resources 
ACentral storage above 2Gb eliminates the need for expanded storage 
Allp to 20 Processing Units available for individual workloads 

ACentral processors can backup other CP's, System Assist Processors, 
Integrated Coupling Facility, or Integrated Facility for Linux processors 

ACryptographic coprocessor elements on single chip modules for easier 
replacement without having to replace entire MCM processor module 

ACapacity models available for Capacity Upgrade on Demand (CUD) 
ANew I/O card cage provides 28 I/O slots, supports 256 CHPIDs 



New Architecture Enables New Functionality 


/ Intelligent Resource Director - Dynamic and Automatic 

CPU management - balance workloads across z/VM, z/OS & LINUX (LPARs) 
Dynamic Channel Path management provides high availability, low congestion. 
Priority queuing decisions based on customer set SLA goals 

a Hipersockets permit direct LPAR to LPAR communication (4Q01) 
Increases performance and reduces latency 

Eliminates the need to use network equipment to communicate LPAR - LPAR 
Improves utilization of network interfaces for other workloads 

AManaged System Infrastructure reduces installation and maintenance 
complexity through the use of Wizards and configuration automation 

AWorkload based pricing models 



z/OS Version 1 Release 2 Overview 

Exploiting the zSeries Architecture 

AHiperSockets - High speed, low latency intra-CEC communication 
AHiperSockets Accelerator - reduces direct external connections 
Alntelligent Resource Director support expanded to LINUX & z/VM LPAR' 
A64 bit real exploitation - use 64 bit real for CSM, device drivers 
ALinux for zSeries promotes server consolidation with back-end data 
Sysplex Enhancements 

ASysplex Distributor integrated with CISCO'S MNLB for load balancing 
AFast Connection Reset - decreases client outage time during failures 

New Security Features 


a Intrusion Detection Services - focus on protection before the damage 
Builds upon V2R10 Traffic Regulation Functions and self protection strategy 

aTLS enabled FTP as well as Kerberized FTP, USS REXEC and RSH 

Usability Improvements 























z/OS V1R2 Overview (cont.) 


Best of Breed Applications 

aFTP Socks support, enhanced checkpoint/restart, latest standards 
ATN3270 Express Logon, more flexible definitions, latest standards 
aCICS sockets enhancements extending the reach of CICS sc 
aDNS updated to BIND 9.1, supporting DNSSEC, IPV6, and T 

APolicy Agent enhanced to support QoS application classificat 
VLAN priority tagging, and load balancing improvements 

System/Network Management 



aSNMP enhancements, better storage management for VTAM, new 
TCP/IP SMF records management 
ASupport for new OSA Express MIB 

AAdditional TCP/IP stack performance data available - useful in 
analyzing bottlenecks and diagnosing network problems 

Enhancements to TCP/IP Routing 

aOMPROUTE supports RIPvl, RIPv2 and OSPF and is preferr oH 
Configuration migration utility converts OROUTED files to OMPROU 
enables gradual migration from RIPvl to RIPv2 



> TLS enabled FTP, Kerberized FTP, USS REXEC and RSH 

Simplified TCP/IP Configuration 


aMSYS graphical user interface to configure key TCP/IP data files 


z/OS V1R2 Overview 
Hipersockets Support (4Q01) 


High-Speed Connectivity Inside CEC 
-Internal TCP/IP network 

f LPAR to LPAR communication via shared 
memory 

f High speed, low latency 
f Secure - data never flows outside the CEC 
f Dependable - no network adapter/cabling 
needed 

f Builds on Queued Direct I/O GbE architecture 
-Provided transparently as a part of Dynamic XCF 
f No additional configuration 
f TCP/IP stack automatically selects fastest 
transport between stacks across LPARs 

•Stack bypasses normal IP over XCF when partner 
stack is reachable over IQDIO 

-High Speed Connectivity to Other Operating 
Systems 

f Linux for zSeries 

•Can be configured as part of same internal network 
as z/OS 

•High speed access to enterprise data on z/OS 
•Anticipated to drive server consolidation 





































z/OS V1R2 Overview 
HiperSockets Accelerator (4Q01) 
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A separate/configurable HiperSockets function provided is called "HiperSockets Accelerator": 
-Configured via TCP/IP profile 

-Allows a single stack to act as a "router" for the entire CEC 

-Permits a reduced number of direct connections to "external (non CEC) network" 


© Copyright IBM Corporation 2000 































































z/OS V1R2 Overview 
Intelligent Resource Director 

Combines the strengths of Workload Manager, Logical 
Partitioning, and Parallel Sysplex Clustering to dynamically 
juggle system resources to meet Workload Manager goals 

LPAR CPU Management 

■Parallel Sysplex LPARs on the same server can be managed 
dynamically in real time according to Workload Manager (WLM goals) 

Processor resources can automatically be assigned to workloads 
based on business importance and Service Level Agreements (SLA's) 

Dynamic Channel Path Management 

■System can respond to peaks in demand for I/O channel bandwidth by 
moving additional channels to logical control units automatically 

Channel Subsystem Priority Queuing 

Extends the strength of I/O priority queuing by allowing I/O 
prioritization within an LPAR cluster 

VIR2 Extends LPAR CPU Management to Non-z/OS LPAR's 

(Avail 4Q01) Allows z/OS WLM to manage CPU resources applied to 
Linux and z/VM partitions based on relative importance compared to 
other workloads running in the same LPAR cluster. 



z/OS V1R2 Overview 


Exploitation of z/Series 64-bit 

Architecture 


Exploitation of 64-bit architecture 

-The Communication Storage Manager (CSM) now exploits real 
storage above the 2 Gigabyte range 

f CSM Data Space storage will now be backed above 2 
Gigabytes 

f Enabled automatically 

•When running on zSeries hardware with greater than 2 Gigabytes of 
real storage 

t QDIO and MPC+ device drivers now use 64-bit addressing 


zSeries 900 





z/OS V1R2 Overview 
Cisco's MNLB & Sysplex Distributor 


Fully integrated joint solution: 

-Sysplex Distributor becomes Service Manager 
for MNLB 

t Selects server based on WLM, QoS, and 
Policy 

t Sysplex Distributor provides connection 
information to switch via MNLB's CASA 
-Switch uses information to forward subsequent 
client-to-server data to the selected server 
t Using existing MNLB Forwarding Agents 
Leverages strengths of current solutions: 
-Improved performance 

t Sysplex Distributor would only process new 
requests 

t Switch would be forwarding client-to-server 
traffic at wire speed directly to selected server 
-Improved Usability and Availability 

t Common Configuration Used (i.e. Sysplex 
Distributor) 

•Based on Dynamic VIPA 
^VIPA Takeover Supported 


z/OS 

Sysplex 

Distributor 

host=x3 
backup=x4 
VIPA=3.3.3.3 
OSA OSA 



z/OS 

Sysplex 

Distributor 

host=x2 

backup=x3 

VIPA=2.2.2.2 

OSA OSA 
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Manner of 
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backup=x2 
VIPA=1.1.1.1 


Sysplex 

Distributor 

host=x4 

backup=x5 

VIPA=4.4.4.4 


z/OS 

Sysplex 

Distributor 

host=x5 
backup=x1 
VIPA=5.5.5.5 
OSA OSA 



■ ■■■■■ I New session requests 

■ Server-to-client traffic 

I Client-to-server traffic on existing 
sessions 






















z/OS V1R2 Overview 
Intrusion Detection Services 

Integrated Intrusion Detection Services under policy control to 
identify; alert, and document suspicious activity 



-Scans, Attacks Against Stack, Flooding 
Defensive methods 

-Packet discard, limit connections 
Reporting 

-Event and statistics logging, event 
messages to local console, IDS packet 
trace 

Security Policy Centrally Stored in LDAP 









































































z/OS V1R2 Overview 
Name Resolution on z/OS V1R2 


1 MY.GLOBAL.TCPIP.DATA . 

2//SYSTCPD 

3 userlD/jobname.TCPIP.DATA 

4 SYS1 .TCPPARMS 

5 MY.DEFAULT.TCPIP.DATA 



UNIX Socket Appl. 


System Resolver 





Sockemtjrary 


LE Socket Library 


1 MY.GLOBAL.TCPIP.DATA 

2 RESOLVER_CONFIG 
3/etc/resolv.conf 
4//SYSTCPD 

5 userlD/jobname.TCPIP.DAT! 

6 SYS1.TCPPARMS 

7 MY.DEFAULT.TCPIP.DATA 




Resolver Setup File 

JEFAULTTCPIPDAT ACMY.DEFAULT.1CPIP.DAT; 


) 


SLOBALTCPIPDATACMY.GLOBAL.TCPIP.DAT A') 


New System Resolver Component 

-Used by TCP/IP and LE provided socket APIs 
f Consistent behavior and functionality 
-Support for new Resolver Directives 

f SEARCH list - Allows a list of domain names to be used when resolving hostnames 
f SORT list - Allows returned IP addresses to be sorted based on specified network preferences 
-Ability to specify a global TCPIP.DATA file 

t Allows system administrator to set system wide policy for name resolution 
t Helps eliminate confusion about the location of TCPIP.DATA 
-Ability to specify dataset name for default TCPIP.TCPIP.DATA file 
-Dynamic reconfiguration support for Resolver parameters 

t Useful for long running jobs (no need to recycle application) 
































z/OS V1R2 Overview 
TN3270 SSL Express Logon 


TN3270 SSL Client Authentication (R8) 

-TN3270 Server uses client side certificates 
f Client authentication and Access control 

•Tightens security for Internet access to 
corporate Intranet 
S Client support in HOD V3 

TN3270 SSL Express Logon Support (VIR2) 
-PKI-Based Identification and Authentication 

f Certificate provides SNA session 
verification 

•Logon panels can be bypassed 
S Client support in HOD V5 

t Lost passwords and UserlDs a thing of the 
past 

•Accounts for 75% of help desk calls 
S According to industry survey 

f Brings SNA applications into IP world 
•No application changes needed 
^Express Logon done transparently 
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z/OS V1R2 Overview 


DNS Upgrade to 


New DNS server offers many improvements 
-Based on ISC BIND V9.1 
-DNS Security 

f DNSSEC (signed zones) 
f TSIG (signed DNS requests) 

-IP version 6 Support 

f IPv6 resource records (A6, DNAME, etc.) 

-DNS Protocol Enhancements 

f IXFR, DDNS, Notify, EDNSO |QC 

f Improved standards conformance NS 

- Multiprocessor Support 

t Can handle multiple concurrent queries 
DNS/WLM Load Balancing support not available in 
this version of DNS 

-Existing 4.9.3 version of BIND with the WLM support 
also shipped in VIR2 


Bind 9.1 
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z/OS V1R2 Overview 
Results: QoS enforced by transaction 


cations 
: or z/OS 


© Copyright IBM Corporation 2000 






z/OS V1R2 Overview 
System Network Management 


Netstat Enhancements 

-Additional filtering capability 

f e.g. ability to exclude TN3270 connections from a report 
-Ability to restrict Netstat usage 

f Can now define access control at Netstat option level 
-New TCP/IP statistics report 

f New TCP/IP protocol statistics (TCP/UDP/ICMP/IP layers) 

-New TCP server information 

f Number of connections accepted, current backlog, connections dropped when 
backlog is exceeded 

SMF Recording 

-New standard TCP/IP record (subtype 119) 

f Standard information/format across all records 
-Several new SMF records 

f Server Statistics (TCP/UDP) 
f UDP and Device layer statistics 
t TCP/IP startup/termination records 











z/OS VIR2 Overview 
Routing Enhancements 
Migrating to OMPROUTE 



OROUTED 
Configuration 
Migration Utility 



Migrating from OROUTED to OMPROUTE 


•Flags situations which require user intervention 



@ 

e-business 



z/OS V1R2 Overview 
msvs for S etup - TPC/IP support 


Tie Edit Confirm Menu Utilities Compilers Test Help 


Columns 00001 


VIEW SYSl.PARMLIB(IEASYS04) - 01.02 

00072 

Command ===> 

HALF 

- TO p 0 f Data ■ 


==MSG> -warning- The UNDO command is not available until you change 
==MSG> your edit profile using the command RECOVERY ON. 

000001 CLOCK=(00,01), SELECT CLOCK00 

000002 CMD=(00,04), COMMAND MEMBER 

000003 CON=04, 

000004 COUPLE=01, 

000005 GRS=STAR, 

000006 GRSCNF=01, 

000007 GRSRNL=01, 

000008 CSA=(3000,45000), MVS/ESA CSA RANGE 

000009 CSCBLOC=ABOVE, 

OOOOlf^HJM^^)^^40-42) , USE SVC DUMPS ON DASD DEVICES 

OOOj 

0 >F . , OP, 0L , DB , IX, L) , SPECIFY LNKLSTXX 
:f.,l), SPECIFY LPALSTXX 

MSI4.LOGREC, 

tEF.,04), SPECIFY BPXPRMOO 

SPECIFY IFAPRDOO 






file Edit View 


cesource 

IODS 




OS/390 Web- 
based Wizards 



BALJFP bws^s^StomPacPIA 7/13/00 6:10 PM 

/QBAl6JIFPPM/vs£ailed CustomPacPIA 7/13/00 6:10 PM 
3QBA6JFPPMwfiailed CustomPacPIA 7/13/00 6:10 PM 
7Q0AI&JFPPMw9©ompletestall 7/13/006:10 PM 

7Q8CIBDIH PMhaCompleffiask Scheduler 7/13/00 6:10 PM 
7/13/6:11 PM Complete 


Parallel Sysplex 


Sysplex Name: 

BaSft?e?El1gh Level 

Volumefor primary 
data Set: 

Volumefor alternate |-pvula 
data set: ■■■■■■* 

Volumefor spare psPVULS 

data set: 


Finish ^Cancel <jHelp 


The Traditional Way 


z/OS Managed System 
Infrastructure for Setup 
(z/OS msys for Setup) 


Simplified TCP/IP configuration 

-Part of z/OS Managed System Infrastructure (msys) 
r Initial phase of implementation 
-Graphical User Interface to configure key TCP/IP functions 
f TCP/IP profile 

•Basic device and link configuration, defaults for TN3270, FTP and port reservations 

f TCPIP.DATA 

•Basic configuration of resolver settings 

t OMPROUTE - basic device and link configuration 

t Configuration files are created in a PDS on the host system. 

t User must merge generated statements into existing configuration files. 
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z/OS V1R2 Overview 
SNMP Enhancements 


Support for new OSA Express MIB 

-Resource utilization and performance data 

s PCI bus and processor utilization, rates of inbound/outbound data transferred 
-This information can be very useful in diagnosing network bottlenecks and in 
capacity planning and tuning activities. 

New MIB objects for Dynamic VIPAs 

-Management data for the Dynamic VIPA and Sysplex Distributor functions. 
Additional SNMP enhancements (in Appendix) 









For More Information.... 


URL 


Content 


www.s390.ibm.com/networking 

www.ibm.com/software/network 

www.ibm.com/software/network/commserver 

www.ibm.com/software/network/hostintegration 

www.software.ibm.com/network/pcomm 

www.software.ibm.com/network/technology 

www.networking.ibm.com/ 


S/390 Connectivity Solutions 

Network Software 
Communications Servers 
Host Integration Solution 
Personal Communications 
Network Technologies 


Networking Hardware 



